External risk intelligence

TaleLin lin-cms-spring-boot Improper Access Controls Vulnerability.

CVE advisory

Severity: LOW (CVSS 2.1)

CVE-2026-10152

A vulnerability in the book endpoint of TaleLin lin-cms-spring-boot results in improper access controls. This could affect data integrity and system availability for organizations. An attacker with remote access may exploit this issue, posing a business risk.

Halo Surface Signal: 3

External exposure likelihood

Halo Surface Signal score for CVE-2026-10152

The vulnerability exists in a Spring Boot application controller, which is often a web-accessible endpoint. While it is plausibly reachable from the internet, it is a backend application component rather than a dedicated edge gateway or public-facing service, and the context does not confirm it is commonly deployed as a public-facing web surface.

Horizon Alert

Summary of the vulnerability and why it matters

The identified vulnerability impacts the book endpoint within the TaleLin lin-cms-spring-boot component. This flaw stems from improper access controls, potentially allowing unauthorized actions. The potential consequences for affected organizations include risks to data integrity and system availability due to improperly managed access.

  • Vulnerable component: Book endpoint
  • Core weakness: Improper access controls
  • Main business impact: Unauthorized access to data

Attack Path

How an attacker could exploit the issue

This vulnerability allows an unauthenticated attacker to gain unauthorized access to certain functions within the book endpoint. The attacker can manipulate requests to bypass access controls, potentially leading to unauthorized data viewing or modification. The exploit is publicly available, increasing the risk of its use.

  • Exposure condition: Publicly accessible book endpoint.
  • Attacker starting point: Unauthenticated network access.
  • Trigger and result: Manipulate requests for improper access.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability has been identified in TaleLin lin-cms-spring-boot, potentially impacting the book endpoint. Attackers with low skill could exploit this issue remotely due to improper access controls. The exploit is publicly available, indicating a potential risk to organizations using the affected software.

  • Low skill attacker
  • Remote access required
  • Business risk requires review

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

A vulnerability has been identified in a specific processing area of the book endpoint within the TaleLin lin-cms-spring-boot component. Manipulating this functionality could result in improper access controls. The exploit is publicly available, increasing the potential risk to organizations. The vendor has been notified but has not yet responded.

  • Identify exposed assets.
  • Reduce exposure or isolate risk.
  • Fix, verify, and monitor.

Frequently asked questions

What is lin-cms-spring-boot and what is it used for?

lin-cms-spring-boot is a component within the TaleLin ecosystem. Its book endpoint, the part affected here, is used for managing and processing information related to books. The vulnerability lies in how access controls are managed within this book endpoint.

What is CVE-2026-10152 and how does it work?

CVE-2026-10152 is a vulnerability in lin-cms-spring-boot that results in improper access controls. This means that unauthorized users could potentially perform actions they shouldn't be able to, likely related to the book endpoint's functionality.

How can an attacker trigger this vulnerability?

An attacker can trigger this vulnerability remotely by manipulating requests to the book endpoint. No authentication is required for the attacker to attempt exploitation, which can lead to improper access.

Who should be concerned about this vulnerability?

Organizations using TaleLin lin-cms-spring-boot should be concerned. Since the vulnerability is in a Spring Boot application controller, it's often a web-accessible endpoint that could be reached from the internet, posing a potential external risk.

What are the first steps to address this threat?

First, identify any assets running the affected version of TaleLin lin-cms-spring-boot. Then, consider reducing the exposure of these assets or isolating them to mitigate the risk. The vendor has been notified, but a fix is not yet available.
